Environment
Novell ZENworks 10 Configuration Management
Situation
User policy is not effective after applying both user policy and device policy.
ERROR (right click on zicon, policy failed link):
Policy Enforcement Failed
This policy did not meet the loopback requirement.
ERROR (from zmd-messages.log):
[DEBUG] [3/24/2008 5:14:49 PM] [user1] [Status Library] [] [SetStatus: srchSql= select successcount, failurecount from zstatus where userguid ='1ec6d7f9148d7cb974219be1e4b5140e~0005af688defdc11b16d009027de2b95' and objectguid = '831003498db5807f8817a350e6c2dbff' and operationtype = 'Policy.LoopBackEval'] [] []
[DEBUG] [3/24/2008 5:14:49 PM] [user1] [Status Library] [] [SetStatus: sql= insert into zstatus(timestamp, userguid, objectguid, source, objecttype, operationtype, operationstatus, successcount, failurecount, objectversion, objectname, objectsubtype, messageid ) values ( 633420008897812500,'1ec6d7f9148d7cb974219be1e4b5140e~0005af688defdc11b16d009027de2b95','831003498db5807f8817a350e6c2dbff',0,'P','Policy.LoopBackEval','F',0,1,0,'userPolicyXP','grouppolicy','PolicyManager.LOOPBACK_EVAL_FAILED')] [] []
[DEBUG] [3/24/2008 5:14:49 PM] [user1] [Status Library] [] [SetStatus: sql= insert into zstatus(timestamp, userguid, objectguid, source, objecttype, operationtype, operationstatus, successcount, failurecount, objectversion, objectname, objectsubtype, messageid ) values ( 633420008897812500,'1ec6d7f9148d7cb974219be1e4b5140e~0005af688defdc11b16d009027de2b95','831003498db5807f8817a350e6c2dbff',0,'P','Policy.LoopBackEval','F',0,1,0,'userPolicyXP','grouppolicy','PolicyManager.LOOPBACK_EVAL_FAILED')] [] []
Resolution
Don't use "Device Only" on a device policy associated to a device on which a user policy will be applied against the logged in user. Use "Device Last" instead.
Additional Information
Windows Group Policies (GPOs) are singular for the device and singular for the user. A singular policy is one where only a single instance of that type of policy can be active on a given device.
You may have two applied, only one for the user and only one for the device.
This is different from ZENworks Desktop Management 7, where you could have multiple user and multiple device GPOs applied simultaneously.
When you have both user and machine policies, they can be configured to apply in one of four ways:
- User Last: Select this option to apply policies that are associated to devices first and then the users.
- Device Last: Select this option to apply policies that are associated to users first and then the devices.
- Device Only: Select this option to apply policies that are associated only to devices.
- User Only: Select this option to apply policies that are associated only to users.
Device-associated GPOs marked as "Device Only" will block separate user-associated policies from taking effect. This is the meaning of the loopback error.
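To confirm which policies are blocked this way on a workstation, the SetStatus entries shown under Situation can be pulled out of zmd-messages.log and grouped. The following Python is an added example, not part of the original article or of ZENworks; the function names are hypothetical, and the sample lines are constructed from the entries above with placeholder GUIDs.

```python
import csv
import io
import re

# One SetStatus insert as the Status Library logs it in zmd-messages.log.
INSERT_RE = re.compile(
    r"\[([^\]]*)\] \[Status Library\].*?"
    r"insert into zstatus\(([^)]*)\) values \((.*?)\)\]")

def parse_status_insert(line):
    """Return the logged zstatus row as a dict, or None if the line has none."""
    m = INSERT_RE.search(line)
    if not m:
        return None
    user, cols, vals = m.groups()
    cols = [c.strip() for c in cols.split(",")]
    # Values are comma-separated; strings are wrapped in single quotes.
    reader = csv.reader(io.StringIO(vals), quotechar="'", skipinitialspace=True)
    vals = [v.strip() for v in next(reader, [])]
    if len(cols) != len(vals):
        return None  # truncated or malformed entry
    return dict(zip(cols, vals), log_user=user)

def loopback_failures(lines):
    """Group failed Policy.LoopBackEval entries by (log user, policy GUID)."""
    found = {}
    for row in filter(None, map(parse_status_insert, lines)):
        if (row.get("operationtype"), row.get("operationstatus")) != ("Policy.LoopBackEval", "F"):
            continue
        key = (row["log_user"], row["objectguid"])
        entry = found.setdefault(key, {"policy": row["objectname"],
                                       "message": row["messageid"], "entries": 0})
        entry["entries"] += 1
    return found

# Constructed sample modelled on the log entries above; GUIDs are placeholders.
HEAD = "[DEBUG] [3/24/2008 5:14:49 PM] [user1] [Status Library] [] [SetStatus: "
FAIL_LINE = (HEAD + "sql= insert into zstatus(timestamp, userguid, objectguid, source, objecttype, "
             "operationtype, operationstatus, successcount, failurecount, objectversion, objectname, "
             "objectsubtype, messageid ) values ( 633420008897812500,'USER-GUID','POLICY-GUID',0,'P',"
             "'Policy.LoopBackEval','F',0,1,0,'userPolicyXP','grouppolicy',"
             "'PolicyManager.LOOPBACK_EVAL_FAILED')] [] []")
SELECT_LINE = HEAD + "srchSql= select successcount, failurecount from zstatus where objectguid = 'POLICY-GUID'] [] []"
SAMPLE = [SELECT_LINE, FAIL_LINE, FAIL_LINE]

if __name__ == "__main__":
    print(loopback_failures(SAMPLE))
```

Each policy name reported here is a user-associated policy that failed loopback evaluation; check the device policy on that workstation for the "Device Only" setting described above.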